scapy.layers.dot11

Wireless LAN according to IEEE 802.11.

class scapy.layers.dot11.AKMSuite

Bases: scapy.packet.Packet

aliastypes
extract_padding(s)
fields_desc
AKMSuite fields

oui

X3BytesField

4012

suite

ByteEnumField

1

class scapy.layers.dot11.Dot11

Bases: scapy.packet.Packet

aliastypes
answers(other)
fields_desc
Dot11 fields

subtype

BitField (4 bits)

0

type

BitEnumField (2 bits)

0

proto

BitField (2 bits)

0

FCfield

FlagsField (8 bits)

<Flag 0 ()>

ID

ShortField

0

addr1

MACField

'00:00:00:00:00:00'

addr2

MACField (Cond)

'00:00:00:00:00:00'

addr3

MACField (Cond)

'00:00:00:00:00:00'

SC

LEShortField (Cond)

0

addr4

MACField (Cond)

'00:00:00:00:00:00'

guess_payload_class(payload)
mysummary()
payload_guess

Possible sublayers: Dot11ATIM, Dot11Ack, Dot11AssoReq, Dot11AssoResp, Dot11Auth, Dot11Beacon, Dot11Deauth, Dot11Disas, Dot11ProbeReq, Dot11ProbeResp, Dot11ReassoReq, Dot11ReassoResp, LLC

unwep(key=None, warn=1)
class scapy.layers.dot11.Dot11ATIM

Bases: scapy.packet.Packet

aliastypes
class scapy.layers.dot11.Dot11Ack

Bases: scapy.packet.Packet

aliastypes
class scapy.layers.dot11.Dot11AssoReq

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11AssoReq fields

cap

FlagsField (16 bits)

<Flag 0 ()>

listen_interval

LEShortField

200

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11AssoResp

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11AssoResp fields

cap

FlagsField (16 bits)

<Flag 0 ()>

status

LEShortField

0

AID

LEShortField

0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11Auth

Bases: scapy.packet.Packet

aliastypes
answers(other)
fields_desc
Dot11Auth fields

algo

LEShortEnumField

0

seqnum

LEShortField

0

status

LEShortEnumField

0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11Beacon

Bases: scapy.layers.dot11._Dot11NetStats

aliastypes
fields_desc
Dot11Beacon fields

timestamp

LELongField

0

beacon_interval

LEShortField

100

cap

FlagsField (16 bits)

<Flag 0 ()>

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11CCMP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes
fields_desc
Dot11CCMP fields

PN0

ByteField

0

PN1

ByteField

0

res0

ByteField

0

key_id

BitField (2 bits)

0

ext_iv

BitField (1 bit)

0

res1

BitField (5 bits)

0

PN2

ByteField

0

PN3

ByteField

0

PN4

ByteField

0

PN5

ByteField

0

data

StrField

None

payload_guess

Possible sublayers: Raw

class scapy.layers.dot11.Dot11Deauth

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11Deauth fields

reason

LEShortEnumField

1

class scapy.layers.dot11.Dot11Disas

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11Disas fields

reason

LEShortEnumField

1

class scapy.layers.dot11.Dot11Elt

Bases: scapy.packet.Packet

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
Dot11Elt fields

ID

ByteEnumField

0

len

FieldLenField

None

info

StrLenField

b''

getlayer(cls, nb=1, _track=None, _subclass=True, **flt)
haslayer(cls)
info
mysummary()
payload_guess

Possible sublayers: Dot11Elt

post_build(p, pay)
pre_dissect(s)
classmethod register_variant()
registered_ies = {0: <class 'scapy.layers.dot11.Dot11Elt'>, 1: <class 'scapy.layers.dot11.Dot11EltRates'>, 7: <class 'scapy.layers.dot11.Dot11EltCountry'>, 48: <class 'scapy.layers.dot11.Dot11EltRSN'>, 221: <class 'scapy.layers.dot11.Dot11EltVendorSpecific'>}
show_indent = 0
class scapy.layers.dot11.Dot11EltCountry

Bases: scapy.layers.dot11.Dot11Elt

aliastypes
fields_desc
Dot11EltCountry fields

ID

ByteField

7

len

ByteField

None

country_string

StrFixedLenField

b'\x00\x00\x00'

descriptors

PacketListField

[]

pad

ByteField (Cond)

0

class scapy.layers.dot11.Dot11EltCountryConstraintTriplet

Bases: scapy.packet.Packet

aliastypes
extract_padding(s)
fields_desc
Dot11EltCountryConstraintTriplet fields

first_channel_number

ByteField

1

num_channels

ByteField

24

mtp

ByteField

0

class scapy.layers.dot11.Dot11EltMicrosoftWPA

Bases: scapy.layers.dot11.Dot11Elt

aliastypes
fields_desc
Dot11EltMicrosoftWPA fields

ID

ByteField

221

len

ByteField

None

oui

X3BytesField

20722

type

XByteField

1

version

LEShortField

1

group_cipher_suite

PacketField

<RSNCipherSuite  |>

nb_pairwise_cipher_suites

LEFieldLenField

1

pairwise_cipher_suites

PacketListField

[<RSNCipherSuite  |>]

nb_akm_suites

LEFieldLenField

1

akm_suites

PacketListField

[<AKMSuite  |>]

class scapy.layers.dot11.Dot11EltRSN

Bases: scapy.layers.dot11.Dot11Elt

aliastypes
fields_desc
Dot11EltRSN fields

ID

ByteField

48

len

ByteField

None

version

LEShortField

1

group_cipher_suite

PacketField

<RSNCipherSuite  |>

nb_pairwise_cipher_suites

LEFieldLenField

1

pairwise_cipher_suites

PacketListField

[<RSNCipherSuite  |>]

nb_akm_suites

LEFieldLenField

1

akm_suites

PacketListField

[<AKMSuite  |>]

mfp_capable

BitField (1 bit)

0

mfp_required

BitField (1 bit)

0

gtksa_replay_counter

BitField (2 bits)

0

ptksa_replay_counter

BitField (2 bits)

0

no_pairwise

BitField (1 bit)

0

pre_auth

BitField (1 bit)

0

reserved

BitField (8 bits)

0

pmkids

PacketField (Cond)

None

class scapy.layers.dot11.Dot11EltRates

Bases: scapy.layers.dot11.Dot11Elt

aliastypes
fields_desc
Dot11EltRates fields

ID

ByteField

1

len

ByteField

None

rates

FieldListField

[]

class scapy.layers.dot11.Dot11EltVendorSpecific

Bases: scapy.layers.dot11.Dot11Elt

aliastypes
fields_desc
Dot11EltVendorSpecific fields

ID

ByteField

221

len

ByteField

None

oui

X3BytesField

0

info

StrLenField

b''

class scapy.layers.dot11.Dot11Encrypted

Bases: scapy.packet.Packet

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
Dot11Encrypted fields

data

StrField

None

class scapy.layers.dot11.Dot11FCS

Bases: scapy.layers.dot11.Dot11

aliastypes
compute_fcs(s)
fields_desc
Dot11FCS fields

subtype

BitField (4 bits)

0

type

BitEnumField (2 bits)

0

proto

BitField (2 bits)

0

FCfield

FlagsField (8 bits)

<Flag 0 ()>

ID

ShortField

0

addr1

MACField

'00:00:00:00:00:00'

addr2

MACField (Cond)

'00:00:00:00:00:00'

addr3

MACField (Cond)

'00:00:00:00:00:00'

SC

LEShortField (Cond)

0

addr4

MACField (Cond)

'00:00:00:00:00:00'

fcs

FCSField

None

match_subclass = True
post_build(p, pay)
class scapy.layers.dot11.Dot11PacketList(res=None, name='Dot11List', stats=None)

Bases: scapy.plist.PacketList

listname
res
stats
toEthernet()
class scapy.layers.dot11.Dot11ProbeReq

Bases: scapy.packet.Packet

aliastypes
payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11ProbeResp

Bases: scapy.layers.dot11._Dot11NetStats

aliastypes
fields_desc
Dot11ProbeResp fields

timestamp

LELongField

0

beacon_interval

LEShortField

100

cap

FlagsField (16 bits)

<Flag 0 ()>

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11QoS

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11QoS fields

Reserved

BitField (1 bit)

None

Ack_Policy

BitField (2 bits)

None

EOSP

BitField (1 bit)

None

TID

BitField (4 bits)

None

TXOP

ByteField

None

guess_payload_class(payload)
payload_guess

Possible sublayers: LLC

class scapy.layers.dot11.Dot11ReassoReq

Bases: scapy.packet.Packet

aliastypes
fields_desc
Dot11ReassoReq fields

cap

FlagsField (16 bits)

<Flag 0 ()>

listen_interval

LEShortField

200

current_AP

MACField

'00:00:00:00:00:00'

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11ReassoResp

Bases: scapy.layers.dot11.Dot11AssoResp

aliastypes
fields_desc
Dot11ReassoResp fields

cap

FlagsField (16 bits)

<Flag 0 ()>

status

LEShortField

0

AID

LEShortField

0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11TKIP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes
fields_desc
Dot11TKIP fields

TSC1

ByteField

0

WEPSeed

ByteField

0

TSC0

ByteField

0

key_id

BitField (2 bits)

0

ext_iv

BitField (1 bit)

0

res

BitField (5 bits)

0

TSC2

ByteField (Cond)

0

TSC3

ByteField (Cond)

0

TSC4

ByteField (Cond)

0

TSC5

ByteField (Cond)

0

data

StrField

None

payload_guess

Possible sublayers: Raw

class scapy.layers.dot11.Dot11WEP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes
build_payload()
decrypt(key=None)
encrypt(**kwargs)
fields_desc
Dot11WEP fields

iv

StrFixedLenField

b'\x00\x00\x00'

keyid

ByteField

0

wepdata

StrField

None

icv

IntField

None

post_build(p, pay)
post_dissect(s)
class scapy.layers.dot11.PMKIDListPacket

Bases: scapy.packet.Packet

aliastypes
extract_padding(s)
fields_desc
PMKIDListPacket fields

nb_pmkids

LEFieldLenField

0

pmkid_list

FieldListField

[]

class scapy.layers.dot11.PrismHeader

Bases: scapy.packet.Packet

iwpriv wlan0 monitor 3

aliastypes
answers(other)
fields_desc
PrismHeader fields

msgcode

LEIntField

68

len

LEIntField

144

dev

StrFixedLenField

b''

hosttime_did

LEIntField

0

hosttime_status

LEShortField

0

hosttime_len

LEShortField

0

hosttime

LEIntField

0

mactime_did

LEIntField

0

mactime_status

LEShortField

0

mactime_len

LEShortField

0

mactime

LEIntField

0

channel_did

LEIntField

0

channel_status

LEShortField

0

channel_len

LEShortField

0

channel

LEIntField

0

rssi_did

LEIntField

0

rssi_status

LEShortField

0

rssi_len

LEShortField

0

rssi

LEIntField

0

sq_did

LEIntField

0

sq_status

LEShortField

0

sq_len

LEShortField

0

sq

LEIntField

0

signal_did

LEIntField

0

signal_status

LEShortField

0

signal_len

LEShortField

0

signal

LESignedIntField

0

noise_did

LEIntField

0

noise_status

LEShortField

0

noise_len

LEShortField

0

noise

LEIntField

0

rate_did

LEIntField

0

rate_status

LEShortField

0

rate_len

LEShortField

0

rate

LEIntField

0

istx_did

LEIntField

0

istx_status

LEShortField

0

istx_len

LEShortField

0

istx

LEIntField

0

frmlen_did

LEIntField

0

frmlen_status

LEShortField

0

frmlen_len

LEShortField

0

frmlen

LEIntField

0

payload_guess

Possible sublayers: Dot11

class scapy.layers.dot11.RSNCipherSuite

Bases: scapy.packet.Packet

aliastypes
extract_padding(s)
fields_desc
RSNCipherSuite fields

oui

X3BytesField

4012

cipher

ByteEnumField

4

class scapy.layers.dot11.RadioTap

Bases: scapy.packet.Packet

aliastypes
deprecated_fields = {'Channel': ('ChannelFrequency', '2.4.3'), 'ChannelFlags2': ('ChannelPlusFlags', '2.4.3'), 'ChannelNumber': ('ChannelPlusNumber', '2.4.3')}
fields_desc
RadioTap fields

version

ByteField

0

pad

ByteField

0

len

LEShortField

None

present

FlagsField (32 bits)

None

Ext

PacketListField (Cond)

[]

mac_timestamp

_RadiotapReversePadField (Cond)

0

Flags

_RadiotapReversePadField (Cond)

None

Rate

_RadiotapReversePadField (Cond)

0

ChannelFrequency

_RadiotapReversePadField (Cond)

0

ChannelFlags

FlagsField (Cond) (16 bits)

None

dBm_AntSignal

_RadiotapReversePadField (Cond)

-256

dBm_AntNoise

_RadiotapReversePadField (Cond)

-256

Lock_Quality

_RadiotapReversePadField (Cond)

0

Antenna

_RadiotapReversePadField (Cond)

0

RXFlags

_RadiotapReversePadField (Cond)

None

TXFlags

_RadiotapReversePadField (Cond)

None

ChannelPlusFlags

_RadiotapReversePadField (Cond)

None

ChannelPlusFrequency

LEShortField (Cond)

0

ChannelPlusNumber

ByteField (Cond)

0

knownMCS

_RadiotapReversePadField (Cond)

None

Ness_LSB

BitField (Cond) (1 bit)

0

STBC_streams

BitField (Cond) (2 bits)

0

FEC_type

BitEnumField (Cond) (1 bit)

0

HT_format

BitEnumField (Cond) (1 bit)

0

guard_interval

BitEnumField (Cond) (1 bit)

0

MCS_bandwidth

BitEnumField (Cond) (2 bits)

0

MCS_index

ByteField (Cond)

0

A_MPDU_ref

_RadiotapReversePadField (Cond)

0

A_MPDU_flags

FlagsField (Cond) (32 bits)

None

KnownVHT

_RadiotapReversePadField (Cond)

None

PresentVHT

FlagsField (Cond) (8 bits)

None

VHT_bandwidth

ByteEnumField (Cond)

0

mcs_nss

StrFixedLenField (Cond)

0

GroupID

ByteField (Cond)

0

PartialAID

ShortField (Cond)

0

timestamp

_RadiotapReversePadField (Cond)

0

ts_accuracy

LEShortField (Cond)

0

ts_position

ByteField (Cond)

0

ts_flags

ByteField (Cond)

0

he_data1

_RadiotapReversePadField (Cond)

0

he_data2

ShortField (Cond)

0

he_data3

ShortField (Cond)

0

he_data4

ShortField (Cond)

0

he_data5

ShortField (Cond)

0

he_data6

ShortField (Cond)

0

hemu_flags1

_RadiotapReversePadField (Cond)

0

hemu_flags2

LEShortField (Cond)

0

RU_channel1

FieldListField (Cond)

[]

RU_channel2

FieldListField (Cond)

[]

hemuou_per_user_1

_RadiotapReversePadField (Cond)

32767

hemuou_per_user_2

LEShortField (Cond)

63

hemuou_per_user_position

ByteField (Cond)

0

hemuou_per_user_known

FlagsField (Cond) (16 bits)

<Flag 0 ()>

lsig_data1

_RadiotapReversePadField (Cond)

<Flag 0 ()>

lsig_length

BitField (Cond) (12 bits)

0

lsig_rate

BitField (Cond) (4 bits)

0

notdecoded

StrLenField

b''

guess_payload_class(payload)
post_build(p, pay)
class scapy.layers.dot11.RadioTapExtendedPresenceMask(_pkt=None, index=0, **kwargs)

Bases: scapy.packet.Packet

RadioTapExtendedPresenceMask should be instantiated by passing an index= kwarg, stating which place the item has in the list.

Passing index will update the b[x] fields accordingly to the index.
e.g.
>>> a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext")
>>> b = RadioTapExtendedPresenceMask(index=1, present="b33+b45+b59+b62")
>>> pkt = RadioTap(present="Ext", Ext=[a, b])
aliastypes
fields_desc
RadioTapExtendedPresenceMask fields

present

FlagsField (32 bits)

None

guess_payload_class(pay)
class scapy.layers.dot11.WiFi_am(**kargs)

Bases: scapy.ansmachine.AnsweringMachine

Before using this, initialize “iffrom” and “ifto” interfaces: iwconfig iffrom mode monitor iwpriv orig_ifto hostapd 1 ifconfig ifto up note: if ifto=wlan0ap then orig_ifto=wlan0 note: ifto and iffrom must be set on the same channel ex: ifconfig eth1 up iwconfig eth1 mode monitor iwconfig eth1 channel 11 iwpriv wlan0 hostapd 1 ifconfig wlan0ap up iwconfig wlan0 channel 11 iwconfig wlan0 essid dontexist iwconfig wlan0 mode managed

filter = None
function_name = 'airpwn'
is_request(pkt)
make_reply(p)
parse_options(iffrom='eth0', ifto='eth0', replace='', pattern='', ignorepattern='')
print_reply(query, *reply)
send_reply(reply)
sniff()